RE: out of range LBA using sg_raw
From: Kashyap Desai
Date: Wed Mar 08 2017 - 11:16:00 EST
> -----Original Message-----
> From: Bart Van Assche [mailto:Bart.VanAssche@xxxxxxxxxxx]
> Sent: Wednesday, March 08, 2017 9:35 PM
> To: hch@xxxxxxxxxxxxx; kashyap.desai@xxxxxxxxxxxx
> Cc: linux-scsi@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx
> Subject: Re: out of range LBA using sg_raw
>
> On Wed, 2017-03-08 at 21:29 +0530, Kashyap Desai wrote:
> > Also one more fault I can generate using below sg_raw command -
> >
> > "sg_raw -r 32k /dev/sdx 28 00 01 4f ff ff 00 00 08 00"
> >
> > Provide more scsi data length compare to actual SG buffer. Do you
> > suggest such SG_IO interface vulnerability is good to be captured in
driver.
>
> That's not a vulnerability of the SG I/O interface. A SCSI device has to
set the
> residual count correctly if the SCSI data length does not match the size
of the
> data buffer.
Thanks Bart. I will pass this information to Broadcom firmware dev. May
be a Tx/Rx (DMA) related code in MR (also for Fusion IT HBA) cannot
handle due to some sanity checks are not passed.
>
> Bart.